Hi All,

Yes! I completely agree with Josh on the usage of configuration profiles.

Being XML formatted, the content of these files can be easily parsed to fetch the composed policy values, to develop the
SCAP OVAL definitions using the available '<xmlfilecontent_test>' or '<plist510_test>'
probes for better assessment.

Also, these files can be easily deployed with customized values as per the user's choice, either:

*    By physically connecting the device
*    In an email message
*    On a webpage
*    Using over-the-air configuration as described in this document

So I think it will be of great use in the remediation part as well.

_______________________________________________________________________________________

In support of Josh, I have attached a few profile files that were developed to address the Apple iOS Hardening Checklists
by The University of Texas at Austin.

FMI:

https://wikis.utexas.edu/display/ISO/Apple+iOS+Hardening+Checklist

https://wikis.utexas.edu/display/ISO/iOS+Configuration+Profiles


--
Thanks !!
Prabhu S A

http://www.scaprepo.com



On 05/31/2013 02:50 AM, Josh Wisenbaker wrote:
Hi all,

I think that from an audit and remediation standpoint things can be greatly simplified by using Configuration Profiles.

You can easily get an XML-formatted list of the composited policies that are on the Mac, and you can easily apply settings by installing a profile. Using the policy mechanisms in OS X is highly recommended over messing with files.

As an example, here is a profile I made that implements all of the settings for the initial loginwindow tickets that are in the tracker.




This profile allows for removal without authentication so it's easy to test with.

Thoughts?
Josh

-- 
Josh Wisenbaker
Consulting Engineer - Apple U.S. Commercial and Governmental Sales



_______________________________________________
SCAP-On-Apple-Dev mailing list
SCAP-On-Apple-Dev@lists.macosforge.org
https://lists.macosforge.org/mailman/listinfo/scap-on-apple-dev
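
The audit idea discussed in this thread, as an added example that is not part of the original messages or the attached profiles: it parses a configuration profile's XML plist and compares each payload value against a baseline, the same comparison an OVAL check would encode. The sample profile, the `com.example` identifier and the baseline values are constructed for illustration.

```python
import plistlib

# Constructed sample profile (not the attachment from the thread).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.loginwindow-baseline</string>
  <key>PayloadContent</key>
  <array><dict>
    <key>PayloadType</key><string>com.apple.loginwindow</string>
    <key>SHOWFULLNAME</key><true/>
    <key>RetriesUntilHint</key><integer>0</integer>
  </dict></array>
</dict></plist>"""

# Hypothetical baseline: (payload type, key) -> required value.
BASELINE = {
    ("com.apple.loginwindow", "SHOWFULLNAME"): True,
    ("com.apple.loginwindow", "RetriesUntilHint"): 0,
    ("com.apple.loginwindow", "DisableConsoleAccess"): True,
}

def extract_settings(profile_bytes):
    """Return {(payload_type, key): value} for every non-metadata payload key."""
    profile = plistlib.loads(profile_bytes)
    settings = {}
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        for key, value in payload.items():
            if not key.startswith("Payload"):  # skip PayloadType, PayloadUUID, ...
                settings[(ptype, key)] = value
    return settings

def audit(profile_bytes, baseline):
    """Return (payload_type, key, expected, actual) for each deviation.
    A key missing from the profile is reported with actual=None."""
    actual = extract_settings(profile_bytes)
    findings = []
    for (ptype, key), expected in sorted(baseline.items()):
        got = actual.get((ptype, key))
        # Compare types as well: in Python True == 1, but <true/> is not <integer>1</integer>.
        if type(got) is not type(expected) or got != expected:
            findings.append((ptype, key, expected, got))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PROFILE, BASELINE):
        print("FAIL %s %s expected=%r actual=%r" % finding)
```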